CompTIA recently announced its 11th Annual Information Security Trends study, in which the IT industry organization concluded that the “overwhelming majority of companies (82 percent) surveyed” were either completely or mostly satisfied with their current level of security.

If that sounds overly optimistic to you and a bit out of touch with today’s cyber-threat reality, you’re not alone. Even CompTIA noted that “Many organizations may be assuming a satisfactory level of security without truly performing the due diligence to understand their exposure and build an appropriate security posture…”

Malware A Top Concern

In our world, of course, malware is enemy #1.

When CompTIA asked survey respondents to rate their top security concerns, it made a distinction between general malware like viruses, worms, Trojans and botnets, and Advanced Persistent Threats (APTs), which it placed under the category of “Hacking.”

It is surprising to see that general malware – which most organizations often feel they have a good handle on with their antivirus software – was cited as a “serious concern” at a greater rate than APTs.

Our own data shows that 69% of C-level executives within U.S. enterprises are concerned they are vulnerable to advanced malware threats like APTs. Additionally, the more those companies spend on security, the more anxiety they have, with 97% of executives within enterprises with IT security budgets of more than $1 million saying they are concerned about their exposure to advanced malware threats.

Multiple Security Concerns Uncovered

The CompTIA survey goes on to cite some more of the usual suspects that security professionals are struggling to deal with, including BYOD, social networking, cloud computing, user education and policy enforcement.

Another interesting data point from the survey: CompTIA found that only 41% of respondents use a formal risk analysis process as part of their security plans.

So, CISOs, where do you fit in the spectrum? Are you as confident as the IT professionals who responded to the CompTIA survey, or are you a little more cautious in your evaluation of your cybersecurity readiness?